You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Trojan Problem - Avast Detects But Can't Kill

Hi. I seem to have some kind of virus which my avast antivirus detects when: (1) I connect a usb drive to my laptop and try to access it via "My Computer" (but not if I go to My Documents and select the drive from the drop down menu) - but the usb when scanned is clean(2) when I restart my laptop; and (3) when I scan my machine for viruses using a range of anti virus scanning software.

Avast says that the virus type is: Win32:Trojan-gen {other}

I have scanned my c drive and usb drives with avast, clamwin, komodo, panda online scan, mcafee stinger and spybot but each time no virus or problem is detected in the report. However, when I do the virus scans (not the spyware scans), avast does detect a something arising, but when I try to delete it, it doesn't seem to go away.

The general file names that avast detects on restart/connection to usb drive are:

C:WINDOWS\system32\bhoplugin.dll C:WINDOWS\system32\kernel16.dll,

However, whilst I scan with another antivirus program other than avast, avast does detect virus files that bear the name of that antivirus scanning program - e.g. a filename with clamwin in the title when I am scanning with that program. As I said, the trojan does not seem to come up with the spybot or mcafee stinger scans.

So it seems to me that the problem is masked behind these files?

I got your help last year for a different problem, and since have followed your advice and run avast, spybot checks regularly and use Zone Alarm firewall. I am currently overeseas and so don't get to update these that often - so a problem may have sneaked in via usb drive. I have a few days window here where I am near a "broadband" (kind of) connection, via internet cafes, so I'd appreciate your help. I tried to post this yesterday, but can't seem to find my post, so am posting again.

BC AdBot (Login to Remove)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum fsnov06 My name is Richie and i'll be helping you to fix your problems.

You have recycler.exe present on your pc [Troj/Shuckbot-A/ Trojan/IRC backdoor].A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.

They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised.They should be changed by using a different computer and not the infected one,if not an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breech.

Thanks for this Richie. Not good news. I am currently not in my home country or in a place with a whole lot of reliable techies or access to stuff that I may need, but I will make a few enquiries with those that are around and see if a re-install is viable. I do have a CD for windows, but I'll have too look at the other stuff. I don't use the computer for banking etc... so my ID should be intact. But I'll take some precautions there in any case, and I will change other minor passwords on another machine forthwith.

In the meantime, can we easily delete the backdoor /clean up (knowing of course that this may not fix the problem)?